From c7f3d5cbb7f738aa316a446cd6bfcf2eba1e21c8 Mon Sep 17 00:00:00 2001
From: Michael Ward
Date: Thu, 2 Jul 2026 08:05:37 -0400
Subject: [PATCH 1/2] pin agent container image instead of spawning from latest
---
 netlify/functions/lib/image-ref.ts | 6 ++++++
 netlify/functions/lib/spawn.ts | 3 +++
 2 files changed, 9 insertions(+)
 create mode 100644 netlify/functions/lib/image-ref.ts
diff --git a/netlify/functions/lib/image-ref.ts b/netlify/functions/lib/image-ref.ts
new file mode 100644
index 00000000..60c50f92
--- /dev/null
+++ b/netlify/functions/lib/image-ref.ts
@@ -0,0 +1,6 @@
+// pinned agent container image, bumped by app-building's build-container workflow after each
+// image push (or by hand). must be an immutable tag, never :latest - spawning from :latest made
+// the fleet's browser version depend on whenever someone last happened to push app-building main
+// (recordings ran on a 2-month-old chromium through late june because of this).
+// the CONTAINER_IMAGE_REF env var still wins, for one-off experiments.
+export const PINNED_CONTAINER_IMAGE = 'ghcr.io/replayio/app-building:sha-fbc4139'
diff --git a/netlify/functions/lib/spawn.ts b/netlify/functions/lib/spawn.ts
index 82f22b2c..24904df4 100644
--- a/netlify/functions/lib/spawn.ts
+++ b/netlify/functions/lib/spawn.ts
@@ -12,6 +12,7 @@ import {
 import { getSql } from '../db.ts'
 import { containerBaseUrl, containerAddressHeaders } from './container-backend.ts'
+import { PINNED_CONTAINER_IMAGE } from './image-ref.ts'
 const FLY_API_BASE = 'https://api.machines.dev/v1'
@@ -397,6 +398,8 @@ export async function spawnContainer(opts: SpawnContainerOptions, repo: RepoOpti
 const config: ContainerConfig = {
 infisical: opts.infisical,
 registry,
+ // pin the agent image instead of letting the package default to :latest
+ imageRef: process.env.CONTAINER_IMAGE_REF || PINNED_CONTAINER_IMAGE,
 flyToken: opts.flyToken,
 flyApp: opts.flyApp,
 detached: opts.detached,
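Review bot: `PINNED_CONTAINER_IMAGE` is pinned by tag, and the comment's requirement that it be "an immutable tag" is a convention rather than something the tag itself guarantees: unless the registry is set up to forbid it (not visible here), anyone with push access to the repository can move `sha-fbc4139` to different content and the fleet would pick it up without any change to this file. Pinning by digest makes the reference content-addressed, for example `'ghcr.io/replayio/app-building@sha256:<digest-of-pushed-image>'` (placeholder digest), provided the spawn backend accepts digest references. The same applies to the build-id tag that PATCH 2/2 puts in this constant. If the bump workflow has to stay tag-based, the comment should say that immutability depends on nobody re-pushing the tag.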
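Review bot: The `imageRef` line in the `spawnContainer` hunk takes whatever `CONTAINER_IMAGE_REF` holds without checking or recording it, so an override left behind in the deploy environment silently defeats the pin, including a value ending in `:latest` that the comment in image-ref.ts rules out. Consider logging when the override is in effect, with whatever logger this file uses, for example `if (process.env.CONTAINER_IMAGE_REF) console.warn('image override active:', process.env.CONTAINER_IMAGE_REF)`, and rejecting refs that end in `:latest`. The use of `||` rather than `??` makes an empty variable fall back to the pin, which looks intentional and deserves a short comment such as `// empty string also falls back to the pin`. The body of spawnContainer starts and ends outside the hunk, so any validation further down is not visible here.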
From ab3767969eeb1e497d9af0ea52e6a31d2db8c337 Mon Sep 17 00:00:00 2001
From: Michael Ward
Date: Thu, 2 Jul 2026 08:35:24 -0400
Subject: [PATCH 2/2] pin the chromium buildid image tag instead of sha-short
---
 netlify/functions/lib/image-ref.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/netlify/functions/lib/image-ref.ts b/netlify/functions/lib/image-ref.ts
index 60c50f92..8810dbe0 100644
--- a/netlify/functions/lib/image-ref.ts
+++ b/netlify/functions/lib/image-ref.ts
@@ -2,5 +2,7 @@
 // image push (or by hand). must be an immutable tag, never :latest - spawning from :latest made
 // the fleet's browser version depend on whenever someone last happened to push app-building main
 // (recordings ran on a 2-month-old chromium through late june because of this).
-// the CONTAINER_IMAGE_REF env var still wins, for one-off experiments.
-export const PINNED_CONTAINER_IMAGE = 'ghcr.io/replayio/app-building:sha-fbc4139'
+// tag format is -, so a bump diff shows the
+// browser change directly. the CONTAINER_IMAGE_REF env var still wins, for one-off experiments.
+export const PINNED_CONTAINER_IMAGE =
+ 'ghcr.io/replayio/app-building:fbc4139-linux-chromium-20260701-712764864f08-af657e1966d8'